Subscribe to our Best Free Adware/Spyware/Scumware Remover
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
It's been some time since my last round of testing, and the time has certainly come for a refresher. Adopting much the same approach as previously, I have been asked if there were any surprises, and the honest answer is yes, there have. The most significant surprise was how difficult I was finding it to infect my system in the first place. After three hours of browsing, deliberatley choosing websites and domains where infection was almost a prerequisite, I had nothing, and it was only after investigating various system settings that I found out why. For those looking for the technical "how I did it", I once again started with a clean install of XP SP2 on a virtual machine, patched with the necessary microsoft updates. I deliberately did not upgrade to SP3. Having gotten my clean install, I backed it up, and then went off to infect it. Before doing so I downloaded installation packages for those on test, and once I had my machine infected, I backed up the infected machine. I restored the original infected machine to test each product, ensuring a level playing field for each test. Finally, I did incremental scans with each product on the same infected system. |
|
Discussion
|
|
So, the question is why was it so hard for me to get my machine infected in the first place, and having identified the "problem", my top recommendation is not an anti-malware product, and doesn't even involve a download or a scan of any type. It doesn't offer any form of protection on your PC, but it will help enormously against infection in the first place. What is this magic solution? For some time, I have been using OpenDNS as my DNS server, rather than my ISPs own offering. I hadn't realised how pro-active OpenDNS is in the fight against drive by malware protection. Quite simply, every time I tried to visit a site guaranteed to infect me, it was simply shown as not found. During normal browsing sessions you never see this, and so it took me a while to realise the cause. Only after switching back to my ISP hosted DNS was I able to find the infections that I craved. Requiring only a quick, free registration and simple confirguration change, you improve your protections considerably. Having made that recommendation, it is still possible to infect your system, either running software that may spread infection, or visiting sites that may not be in OpenDNS blacklist, and whilst an excellent first line of defence, local protection is still a must. Top of the list once again is SuperAntiSpyware, which successfully detected and cleaned 121 threats on my test system. A fairly lightweight download and simple installation (5.99 MB) mean that this is not a burdensome product. If anything, the general package, whilst aesthetically similar, is improved since last time, managing to detect and clean after a single scan rather than the two scans required last time. A reboot to complete cleaning was still required, though this is a minor inconvenience, and required by most packages. If I had to raise a critisicm, it's that the freeware version still installs a startup item which doesn't actually do anything at all. In the paid version, it loads the always on protection which is not available in the freeware version. This minor annoyance aside, it remains my top recommendation.
Promoted this time to joint second place is A-Squared free edition, and let me be very clear that it is ONLY the free edition that I am able to recommend. A-Squared was able to identify just 43 infections, though some of the more serious threats identified by SAS were included in these. If we disregard tracking cookies, then the margins narrow. However, detection rate is only half the battle, and unfortunately A-Squared was unable to automatically clean some of the more virulent infections found itself. Nevertheless, it helpfully provides a link to forums for manual removal instructions.
The downside of A2 is the download size, being a huge 54.2 MB, immediately followed by a further 20MB updates. Anyone on restricted bandwidth or dial up may be advised to look elsewhere, but for an average broadband connection this should not be a factor.
As mentioned, I can only recommend the freeware version. During testing I inadvertently downloaded the full version of A2, which runs in evaluation mode for 30 days. Strangely, the full version hung on the scan during each test (though the program itself didn't crash), which is a particular worry.
Sharing the second place spot is MalwareBytes AntiMalware. MBAM caused me considerable problems initially, being one of two programs that had been actively bocked from running by one of the nasties I had picked up. Only after renaming the main executable, and running it in safe mode was I able to proceed. This initial scan found 19 infections and managed to clean them sufficently that when I rebooted I was able to run the program in a normal environment. I updated the program and ran a full scan, which found a further 8 infections, bringing the total to 27. Where MBAM did better than other products on test was it's ability to remove hijacked DNS entries (which forced redirection of links from popular search engines to less productive sites).
Separating A2 and MBAM is almost impossible. I found them to be on a par with each other regarding their scans, but both require a technical proficiency that many may not posses; A2 requires manual removal of many threats, whilst MBAM forced me to jump through hoops to get it working.
PCTools SpywareDoctor SE also performed well in scanning, finding 24 threats (excluding cookies). Unfortunately, cleaning the system proved more problematic. Despite reporting successful cleansing, SD failed to terminate processes already running, and did not in fact clean some of the more annoying infections. It would also be useful if SD prompted a reboot after cleansing, though it did not do this, and only experience dictated that this would be a good idea.
SD does, however, include real time protection, which most other products don't, and this protection did block those infections that it had failed to clean. Nevertheless, a further scan and clean with SAS was needed to fully clean my test system. A fine effort, but sadly falling short of the mark. Do note that the free version is no longer available from the PCTools website. It can be obtained as part of the google pack, or from here.
Old timer Ad-Aware, coming in at 35.7MB performed reasonably, if not exceptionally, finding a further 24 infections even after cleaning with A-squared, 4 of which represented real threats, whilst the remaining 20 were cookies.
Doing less well in on demand tests were Spybot S&D, Spyware Terminator and The Cleaner 2010. Spybot was the other program that was actively blocked from running, and nothing I tried could overcome this. It does come with an on demand file scanner which can be run from the command line and set to scan your entire drive. However, after letting this run for over an hour and noting that progress had barely touched my relatively small installation system (2.1 Gb) I cancelled. It would take an age to complete the scan, and would only examine files. Registry entries and services would be left untouched. Spyware Terminator found just 3 threats, and The Cleaner 2010 found absolutely none.
Arovax Shield is still in development, and starting to mature, though there are still bugs to be ironed out. For example, once installed, and after the obligatory reboot to enable it to start it's services, it immediately complained that it could not find Firefox. This is no surprise since FF was not installed on the test system, though I fail to see why it should prevent it from doing it's job. Maybe as time progresses this will become more viable, but in my opinion it isn't quite there yet.
And so that leads us to my standard "other recommendations". Internet Explorer has now reached version 8, which I am sure will become the most prolific web browser before too long, and as such will be the most heavily targetted. I stand by previous recommendations that an alternative browser (of which there are many free ones these days, including Firefox, Opera, Google Chrome and Safari) will offer a safer browsing experience.
And in order to shut the door after the horse has bolted, there is still little more useful that HiJack This, which is still a tool requiring expert help, but can be invaluable in helping to clean an infected system. Fortunately, the expert help is still only a forum away.
 And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites where infection is likely. You should also beware of popups from programs that you haven't installed, some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there (see pic, not a genuine window amongst them). It will just not tell you what it really is.
|
|
Related Products and Links
|
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
This software category is maintained by volunteer editor Steve Hargreaves. The comments section below is so lengthy that it has become difficult for our visitors to read. Future posts will now be edited for length and repetition, and personal attacks deleted. You are all welcome to join our Security Forum which is much better-suited for intensive debate ... peter |
|||||||||||||||||||||
4.30.1004 
Unrestricted Freeware 
Windows 98, 98SE, ME, 2000, Vista, 2003 and XP Home/Pro
Delicious
Digg
StumbleUpon
Please rate this article
I know Spybot is not as good as SAS and Malwarebytes when it comes to scanning, but what about free real time protection, which you have to pay for from those other two? If I'm running AVG 9 free with its Resident Shield turned on, do I need to run Windows Defender' real time protection and Spybot's TeaTimer? Do they work? I'm tired of TeaTimer taking up system resources, it seems very heavy; is there something better? Thanks.
IMO, turn off spybot tt and win defender completely. just use one realtime av. consider avast or avira instead of avg, especially if you're concerned about resource use, as both have anti spyware capabiities.
This is good advice. I find that most people overestimate their need for additional anti-spyware protection other than that now included in many of the standard anti-virus solutions. In any case, spyware can't work unless it can get out of your PC again after it's got in, so having a correctly configured firewall and responding to the alerts properly is already most of the battle won.
I have been using Malwarebytes Anti-Malware and Super Anti-Spyware for about 5 or 6 months. MBAM has never found anything on my computer and SAS only ever finds cookies on it. I almost always use the quick scan on both apps because my PC is slow and full scans take forever. When I have done full scans (about 1 or 2 times a month) I still find nothing on MBAM and only the same cookies on SAS. Am I just extremely lucky? I am using Outpost Free firewall and it is set to not automatically create rules. I have to approve everything. AntiVir is my AV solution. It has caught 1 FP virus in the same time period. I have heuristics set high so I have been expecting FP's, but not this few. It has alerted me to some bad websites. Have I maybe found the ultimate security solution for me? I sure hope so because my PC runs pretty smooth everyday. The scans are slow but that is to be expected with an old P4. I remember when I first got this PC. It was so fast! I was upgrading from an Celeron 850 at the time.
I have about the same experience. I cannot remember the last time my system got infected. I think mainly, we are more cautious or smarter online now and have good web browsers. I don't use IE and maybe you don't either. Plus most anti viruses have a spyware guard built in.
Try posting in the forum. Perhaps someone will look at your post and answer your question there. I find my posts get ignored in the category listing. I guess the moderator only have so much time and they spend it on the forums.
Good luck.
This is very true. TSA is a community site staffed completely by volunteers from all over the world so time management across different time zones is very important to us. The forum not only concentrates threads into the most appropriate areas but allows the posts to be tracked in date order unlike here in the comments sections where things quickly tend to get 'buried'. It's also much easier for editors to see posts requiring their attention in the forum than here where they would physically have to open each individual category to read them.
I would say you have the bases covered as far as software goes. I find the same with MBAM and SAS. It's just a reassurance that my PC is safe. I pay close attention to sites using WOT in my browser, plus I use NoScript.
Your firewall and antivirus choices are good one's. Just keep on doing things the way you have been and you should be safe most of the time.
I try a few applications on top of what I use just to see if my regular stuff is missing anything, but in 99.9% of the cases it's just minor variances.
Gizmo Freeware should review Hazard Shield http://download.cnet.com/Hazard-Shield/3000-8022_4-10777008.html?tag=mnc... which is in my opinion as good as SUPERAntiSpyware. Maybe even better because it also has a real-time shield, unlike SAS.
wow, one of my friends were using that,don't work very well.. her computer was slowing down to the point it would not start, unless i booted it in safe mode, a full scan with superantispyware found alot of spyware, i mean i lot, like 2000 plus. after the cleaning the computer was running real well. the real time shield is a joke. use sandboxie for that.
Any opinions on these similar OpenDNS programs?
http://www.dnsadvantage.com/
http://www.scrubit.com/
Very good find friend. I have been looking for Open DNS alternatives.I will be sure to try these out and get back to you. Can I ask are yo part of our forum? If not then please join and continue the discussion
http://techsupportalert.com/freeware-forum/
Brendan,
I have no first-hand knowledge/experience with it, but if you are testing alternative DNS servers, be advised that Comodo now offers one:
http://www.comodo.com/secure-dns/
(I myself am using OpenDNS.)
I switched from OpenDNS to Comodo some time back and have been very pleased with the service. Living where I do with a dynamic IP and erratic connection I was always having to update OpenDNS to deep my settings live. I did try the auto updater but half the time it wouldn't load and also caused me some network problems. OK so Comodo is not as configurable i.e. no personalized filters but it does stop the bad guys well enough. For those not familiar with these services they also protect you from "typos". Some malware sites are designed as a honey trap for misspelled legitimate destinations so this is one less thing to worry about while surfing. e.g.
"Sorry, "www.cimodo.com" does not exist or could not be found
The website you are looking for may be experiencing problems, is temporarily unavailable, or there was a typing error in the address"
Couldn't get scrubit to work! shame 'cause was looking for a dns that auto blocks porno without having to sign up/use a 'control centre' etc.
Thanks for that update. I will look into something for you to block these sites.
Thanks
Did you manage to find anything? thanks.
Cheers. Did scrubit work for you? I tried both their dns servers and neither connected!
No Scrub It is no longer working. See the user comments at the bottom of this page.
http://www.makeuseof.com/dir/scrubit/
Thanks
It's not Avorax, it's Arovax.
Midnight Cowboy, regardless of how good Malwarebytes may be,it's the ONLY malware program that has ever given me false positives. I MAY try it again, when version 1.42 comes out.........
any news or updates yet? been awhile now...
Have been using MalwareBytes AntiMalware for some time now, but when I downloaded the latest updates yesterday (11/11) and ran it, it found several problems (for the first time ever). It cleaned the problems, prompted me to reboot and that's when the REAL problems started. Windows booted to a blue screen saying that there was a serious problem with windows. Couldn't boot at all, Safe mode included. Ended up re-installing Windows.
That's the end of MalwareBytes AntiMalware for me.
Unfortunately, MBAM database 3143 (11 Nov) was guilty of a major false positive: it detected atapi.sys as a rootkit. in actuality, Atapi.sys is part of the Standard IDE/ESDI Hard Disk Controller. And users who removed this critical file and tried to reboot found their system was unbootable :-(
MBAM reacted quickly, and issued a revised database, removing this F/P. But for many users, it was too late.
For more information on this particular F/P, see: http://www.malwarebytes.org/forums/index.php?s=aaf36e7e0e020374208a33b24...
For more thoughts on False Positives (in general), see: http://en.community.dell.com/forums/p/19241449/19368699.aspx#19368699
Without knowing your full circumstances, operating system and details of the files identified it's difficult to make a constructive comment but this situation is not un-typical of all security software. Especially after a signature database overhaul false positives are likely to be produced. Comodo and a-squared have also suffered from this in the past although they are better now. It is also possible that the use of 'tweaking' software and/or any manual settings adjustments made to Windows can also produce false results. The bottom line with all of these programs though is that you should not remove anything unless you are certain that it is malware. The most reliable way to do this is to upload the files identified to Virus Total.
http://www.virustotal.com/
I realize that this is a pain to do but it is one of the prices you pay for safety. Without following this or a similar procedure there's little point in having security software at all because none of it is capable of 100% protection and all of it requires at least some user intervention to interpret the results correctly.
You can also achieve the same BSOD results by the ill-informed use of system cleaners, including and especially registry tools.
I have given Malwarebytes away, after having WAy too many false positives. It has triggered warnings, while all my other programmes came up negative.This has happened twice before. after the third episode, I uninstalled it.
Some of these warnings are merely a reminder that maybe you've disabled some Windows notification services or indeed they could be malware. Malwarebytes does find things that others miss and unfortunately the only way to confirm this is to upload the files one at a time to VirusTotal. I use Malwarebytes as a secondary scanner myself and have always found the FP rate to be lower than average. If you can I would re-install it and then check out these files with a service like Virus Total and also submit a HijackThis log for analysis.
http://www.virustotal.com/
Unfortunately there is no security software which will always protect you on it's own and only present you with confirmed malware. I've been down this same road myself with both Comodo and a-squared in the past but this time and inconvenience is the price you pay for staying safe.
Malwarebytes is one of the best antimalwares out there. Yes, it may have false positives, but which softwares does not? In terms of detection, and removal, MBAM is really good. I certainly will continue to keep and use it on my PC.
Anupam
Yet another weekend passed, been a month now, tension growing, awaiting that long anticipated update.
Thank you for the 'welcome', MidnightCowboy!!
I went to get the Bullguard pgm but it downloaded BullGuard_87_x64.exe!
NOT the 85 edition, and when I started to install it - it 'did' say that it was 8.7??
Did I get the correct file or what?
I have a Toshiba Notebook with Windows X64 Vista Home Premium.
I am using Firefox 3.0.15 to surf and download.
Oh, and I found out that Spyware Terminator doesn't run on X64!!
I hope you can answer me before the time limit expires!
I am on the East Coast of USA and it is now 7:23 PM Eastern Standard Time.
Thanks a bunch!!!!
Sue ;>)
Hi
I did answer your query over on the other page but I've only just seen this one. Presumably by now you will know that this file designation is correct. Bullguard only changed the number to .7 to reflect compatibility with Windows 7.
Spyware Terminator will run on x64 and the scanner will function. It's the real-time component which is not yet x64 compatible.
I would consider upgrading your version of Firefox. There is some other useful stuff amongst the rubbish I wrote here!
http://www.techsupportalert.com/content/safe-computing-under-hour.htm
Have fun!
MC
No one should be using IObit 360 anymore seeing that they can't be trusted. IObit 360 is a Chinese company and was recently caught stealing from MalwareBytes and possibly other companies, any company like this can't be trusted to secure your computer period. You can read more here. http://news.cnet.com/8301-27080_3-10389650-245.html
With the permission of the Administrator of this Forum, I will indicate, again, to the readers of this very useful Forum, a link to an article about "Cyberthieves that are hacking into small- and medium-sized organizations, EVERY WEEK, and stealing millions of dollars, in an ongoing scam that has moved about US$100 million out of U.S. bank accounts":
http://www.pcworld.com/article/181354/fbi_warns_of_100m_cyberthreat_to_s...
Even if it has not to do with "spyware", the above mentioned article has to do with the Security, in general.
The following article is "complementary" with the previous one. One quote:
"U.S. officials say government computer systems are probed or scanned MILLIONS of times a day, and face an increasing threat from hackers - cybercriminals looking to steal money, or information, and nation-states aimed at espionage, or the destruction of networks that run VITAL services. Officials have called for a more coordinated effort."
http://www.enterprise-security-today.com/story.xhtml?story_id=69824
Even if my post will be considered "out of topic", I just wanted to warn some of your readers about the dimension of this phenomenon. The threat is becoming very serious. The guys who are behind of these actions, are not amateurs: they are highly skilled "professionals" - belonging to various groups of the organized crime.
I am sure that if more PC users (owners of small businesses) would take a minimum of security measures, they would face less problems with the "cyber-thiefs".
One good starting point would be, for them, to start reading (and putting in practice) the advices given to them, for free!, by the altruist and competent team from techsupportalert.com.
Wolfram
P.S.
After one year, the Conficker worm has passed a dubious milestone: it has now infected more than 7 million computers, security experts estimate...
The problem you had with malwarebytes was that spyware targets the process name and kills it if you are severely infected. Same happens to Stinger, Symantec Virus removal tools, as well as Gmer rootkit detector. Not a problem with the software itself.
The best thing to do always is run a scan in safe mode.
http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-D...
JustAThought
IObit 360 is removed from majorgeeks.
JustAThought
Hi all,
1.) Does that mean that IOBIT 360 Pro (free license for one year) is 'not' a good product to use??
2.) What about "Spyware Terminator" from Crawler, LLC, (one of a family of companies in the Xacti Group??) The program has a "Real Time Shield" and "HIPS" component!!
Thanks a bunch from a first time poster!
Sincerely,
Sue ;>)
Hi Sue
Welcome to TSA.
Iobit360 is still largely unproven at this stage, especially regarding their real time protection module. As to the other issues which have surfaced recently all of us are making our own personal conclusions based on what we are able to read. I say this with caution because it's likely that we will never be able to tell 100% what has gone here or what anyone's intentions might have been.
Spyware Terminator remains a firm favorite with millions but I still believe that its main strength lies in its HIPS capabilities rather than its spyware detection. It also has some other useful features though so in its category is well worth checking out. If on the other hand you want a top line solution containing everything you could possibly need (including anti-spyware) then checkout our Bullguard offer.
http://www.techsupportalert.com/content/get-top-rated-bullguard-internet...
This is one of the closest "set and forget" programs that I've seen so long as you don't attempt to venture into the advanced firewall or other custom settings. For average users though the standard settings are more than adequate to keep you safe.
I'd say Malwarebytes is by far the best. It finds and removes malware that even SUPERAntiSpyware misses. Download these 2 and that's all you'll need.
I agree. Malwarebytes is the one I always run first. It seems to get the nastiest trojan infections on the first shot. I run Super antispyware second to mop up.
Always rename you executables before installing as more and more trojans seem to block installations as well as updates. If it won't install or update run in safe mode.
FWIW I don't like A2 at all and find it significantly inferior to the other 2.
-J
I don't think you have cleaned very many Trojan infected machines. A-squared is superior to Malwarebytes and SuperAntiSpyware in Trojan cleaning.
Report on effectiveness vs. Personal Guard 2009:
I did a search to see if this had been mentioned and got no hits so hoping not to be redundant here. Not a pro-techie or even a competent techie - just a fiddler knowing just enough to be dangerous.
One of our pc's - a Dell running WinXP used extensively by a teenager (yeah, I know) - recently was infected with this annoying and persistent little devil.
First I tried manual removal, using instructions from another help site. Stopped the process, searched regedit for all PG09 references, deleted, then tried to manually delete all file ref's. Deleting the PG09 folder returned the infuriating "denied" msg saying that I did not have the right to do this. You guys know better than me, but PG09 must place a hidden defense thingee in there?
Tried SUPERAntiSpyware first. It not only wouldn't remove PG09, but on reboot, I got the infamous ugly screen giving me different boot-up options - Safe Mode, etc. It would only successfully re-boot if I chose "return to an earlier successful configuration" or something like that. Even at that I now had a new window to go with PG09's multiplicity of deviltry - saying "couldn't find "logon.exe".
After removing SAS, re-loading, and re-scanning 3 times with similar negative results, exceeding the definition of insanity, I gave up and tried MalwareBytes AntiMalware. Git 'er done, first time, clean and mean.
Just a heads-up for ya'll, and a question - any comment on what SAS might have done that caused the glitchy re-boot?
Anyone know why PG09 prevented manual deletion of it's files?
Recently my cousin's PC was infected with MS Antispyware 2009, a rogue and fake antispyware. IObit Security was able to identify it, and removed the files successfully... but was not able to remove the registry entries.
Superantispyware was able to detect the registry entry, but hanged while removing it.
MBAM was successfully able to delete the registry entry.
This is the first time that I was able to see IObit Security in action. Good work, but not good enough, since it should clean everything infected... it left behind registry entry in this case. The product is fairly new though, and I hope it will improve. Its going good from what I read. The real-time protection is definitely a big plus.
Anupam
hey when is there going to be a update? i want to see how IObit Security 360 fairs on this.
ps. how good/safe is Advanced Spyware Remover 1.98 and SpywareGuard 2.2
SpywareGuard is from a reputable company (Javacool) but is a "work in progress". This warning is displayed on their web page
"While we do strive to fix any compatibility problems that may arise, we cannot guarantee that it will not conflict with other security software on your machine. SpywareGuard has also not been tested with Windows Vista."
The Advanced Spyware Remover site is red rated by WOT so stay well away from it.
In reality many people overestimate their need for anti-spyware programs in addition to the protection already provided by their existing firewall/AV solutions. If you fancy trying something different then check out our "Hot Finds" section from the main menu this coming Thursday/Friday for a program which offers protection across the whole threat range, and includes a top rated firewall.
thanks for the info
Hitman Pro and Prevx (no removal, but still great help for cleaning purposes) belong to top. IoBit 360 has excellent scanner too. I've tested all for severely infected systems with good/excellent results. I'm skeptical of Ad-Aware being as useful.
P.S. Boclean is dead, baby. Boclean is dead. (Guess what movie? :)
I removed it from the text.
All three look promising, but when I have to clean a system, I first use A-squared and find, I don't need to use anything else. I have never had an FP either.
Ad-Aware used to be my favorite for Years, but why would I want to install services that I didn't ask for, or not be able to turn them off?
Why do I want to D/L a browser???? (Google Chrome included in that massive 75meg file).
It went from an Excellent application & 13meg to almost 80meg, BLOAT-WARE, and your older 'petite' version won't update anymore. I'll never be back.
Uninstalled, deleted, out the door!
I've used Superantispyware but all that it ever finds are cookies. And, for that, I could simply delete all my cookies in the first place! Never found things that Ad-Aware Pro found.
Post new comment